Pick a day:
= Demo |
= Tool |
= Exploit
Get the schedule in printable PDF Format
Introducing the DEF CON Evening Lounge
These are smaller more intimate talks that don't require audio and video support for a limited audience. For more detailed descriptions view their abstracts on the Speaker page.
Friday
-
Trevi Room
Panel - An Evening with the EFF
20:00 - 22:00
-
Capri Room
Hacking Democracy, with Mr. Sean Kanuck
20:00 - 22:00
-
Modena Room
20:00 - 22:00
Saturday
-
Trevi Room
-
Capri Room
DC to DEF CON: Q&A with Congressmen James Langevin and Will Hurd
15:00 - 17:00
-
Modena Room
-
Panel - Meet the Feds (who care about security research)
20:00 - 22:00
-
Panel - D0 No H4RM: A Healthcare Security Conversation
20:00 - 22:00
Thursday
10:00
-
101 Track
There’s no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers
Luke Young
-
101 Track Two
Where are the SDN Security Talks?
Jon Medina
11:00
-
101 Track
From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices
Patrick DeSantis
-
101 Track Two
Opt Out or Deauth Trying !- Anti-Tracking Bots Radios and Keystroke Injection
Weston Hecker
12:00
-
101 Track
Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode
Matt Suiche
-
101 Track Two
Max Bazaliy
13:00
-
101 Track
Matt 'openfly' Joyce
-
101 Track Two
Joe Rozner
14:00
-
101 Track
Gerald Steere & Sean Metcalf
-
101 Track Two
See No Evil, Hear No Evil: Hacking Invisibly and Silently With Light and Sound
Matt Wixey
15:00
-
101 Track
Inside the “Meet Desai” Attack: Defending Distributed Targets from Distributed Attacks
CINCVolFLT (Trey Forgety)
-
101 Track Two
Real-time RFID Cloning in the Field
Dennis Maldonado
15:30
-
101 Track
Inside the “Meet Desai” Attack: Defending Distributed Targets from Distributed Attacks (cont.)
CINCVolFLT (Trey Forgety)
-
101 Track Two
Exploiting 0ld Mag-stripe information with New technology
Salvador Mendoza
16:00
-
101 Track
DEF CON 101 Panel (Until 18:00)
HighWiz, Malware Unicorn, Niki7a, Roamer, Wiseacre, & Shaggy
-
101 Track Two
The Last CTF Talk You’ll Ever Need: AMA with 20 years of DEF CON Capture-the-Flag organizers (Until 18:00)
Vulc@n, Hawaii John, Chris Eagle, Invisigoth, Caezar, & Myles
Friday
10:00
-
101 Track
macOS/iOS Kernel Debugging and Heap Feng Shui
Min(Spark) Zheng & Xiangyu Liu
-
Track Two
The Dark Tangent
-
Track Three
Garry Kasparov
-
Track Four
Secret Tools: Learning About Government Surveillance Software You Can’t Ever See
Peyton “Foofus” Engel
10:30
-
101 Track
Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server
Patrick Wardle
-
Track Two
Hacking travel routers like it’s 1999
Mikhail Sosonkin
-
Track Three
The Brain’s Last Stand (cont.)
Garry Kasparov
-
Track Four
Andrea Matwyshyn, Terrell McSweeny, Dr. Suzanne Schwartz, & Leonard Bailey
11:00
-
101 Track
Rage Against the Weaponized AI Propaganda Machine
Suggy (AKA Chris Sumner)
-
Track Two
Damien “virtualabs” Cauquil
-
Track Three
Konstantinos Karagiannis
-
Track Four
Panel: Meet The Feds (cont.)
Andrea Matwyshyn, Terrell McSweeny, Dr. Suzanne Schwartz, & Leonard Bailey
12:00
-
101 Track
CITL and the Digital Standard - A Year Later
Sarah Zatko
-
Track Two
Open Source Safe Cracking Robots - Combinations Under 1 Hour! (Is it bait? Damn straight it is.)
Nathan Seidle
-
Track Three
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
Orange Tsai
-
Track Four
Hacking Democracy: A Socratic Dialogue
Mr. Sean Kanuck
13:00
-
101 Track
Controlling IoT Devices With Crafted Radio Signals
Caleb Madrigal
-
Track Two
Teaching Old Shellcode New Tricks
Josh Pitts
-
Track Three
Starting the Avalanche: Application DoS In Microservice Architectures
Scott Behrens & Jeremy Heffner
-
Track Four
Next-Generation Tor Onion Services
Roger Dingledine
14:00
-
101 Track
Using GPS Spoofing to Control Time
David “Karit” Robinson
-
Track Two
Death By 1000 Installers; on MacOS, It’s All Broken!
Patrick Wardle
-
Track Three
Breaking the x86 Instruction Set
Christopher Domas
-
Track Four
How We Created the First SHA-1 Collision and What it means For Hash Security
Elie Bursztein
15:00
-
101 Track
Assembly Language is Too High Level
XlogicX
-
Track Two
Phone System Testing and Other Fun Tricks
“Snide” Owen
-
Track Three
Svea Eckert & Andreas Dewes
-
Track Four
Abusing Certificate Transparency Logs
Hanno Böck
16:00
-
101 Track
Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods
Matt Knight & Marc Newlin
-
Track Two
The Adventures of AV and the Leaky Sandbox
Itzik Kotler & Amit Klein
-
Track Three
An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
Andy Robbins & Will Schroeder
-
Track Four
“Tick, Tick, Tick. Boom! You’re Dead.” — Tech & the FTC
Whitney Merrill & Terrell McSweeny
17:00
-
101 Track
Artem Kondratenko
-
Track Two
-
Track Three
MEATPISTOL, A Modular Malware Implant Framework
FuzzyNop (Josh Schwartz) & ceyx (John Cramb)
-
Track Four
The Internet Already Knows I’m Pregnant
Cooper Quintin & Kashmir Hill
Saturday
10:00
-
101 Track
Persisting with Microsoft Office: Abusing Extensibility Options
William Knowles
-
Track Two
$BIGNUM Steps Forward, $TRUMPNUM Steps Back: How Can We Tell If We’re Winning?
Cory Doctorow
-
Track Three
Get-$pwnd: Attacking Battle-Hardened Windows Server
Lee Holmes
-
Track Four
The Spear to Break the Security Wall of S7CommPlus
Cheng
10:30
-
101 Track
Breaking Wind: Adventures in Hacking Wind Farm Control Networks
Jason Staggs
-
Track Two
$BIGNUM Steps Forward, $TRUMPNUM Steps Back: How Can We Tell If We’re Winning? (cont.)
Cory Doctorow
-
Track Three
WSUSpendu: How to Hang WSUS Clients
Romain Coltel & Yves Le Provost
-
Track Four
(Un)Fucking Forensics: Active/Passive (i.e. Offensive/Defensive) Memory Hacking/Debugging.
K2
11:00
-
101 Track
Microservices and FaaS for Offensive Security
Ryan Baxendale
-
Track Two
Secure Tokin’ and Doobiekeys: How to Roll Your Own Counterfeit Hardware Security Devices
Joe FitzPatrick & Michael Leibowitz
-
Track Three
skud (Mark Williams) & Sky (Rob Stanley)
-
Track Four
Evading Next-Gen AV Using Artificial Intelligence
Hyrum Anderson
11:30
-
101 Track
Abusing Webhooks for Command and Control
Dimitry Snezhkov
-
Track Two
Secure Tokin’ and Doobiekeys: How to Roll Your Own Counterfeit Hardware Security Devices (cont.)
Joe FitzPatrick & Michael Leibowitz
-
Track Three
If You Give a Mouse a Microchip... It Will Execute a Payload and Cheat At Your High-stakes Video Game Tournament (cont.)
skud (Mark Williams) & Sky (Rob Stanley)
-
Track Four
All Your Things Are Belong To Us
Zenofex, 0x00string, CJ_000, & Maximus64
12:00
-
101 Track
Mickey Shkatov, Jesse Michael, & Oleksandr Bazhaniuk
-
Track Two
When Privacy Goes Poof! Why It’s Gone and Never Coming Back
Richard Thieme a.k.a. neuralcowboy
-
Track Three
DNS - Devious Name Services - Destroying Privacy & Anonymity Without Your Consent
Jim Nitterauer
-
Track Four
All Your Things Are Belong To Us (cont.)
Zenofex, 0x00string, CJ_000, & Maximus64
13:00
-
101 Track
Demystifying Windows Kernel Exploitation by Abusing GDI Objects.
5A1F (Saif El-Sherei)
-
Track Two
Koadic C3 - Windows COM Command & Control Framework
Sean Dillon (zerosum0x0) & Zach Harding (Aleph-Naught-)
-
Track Three
Twenty Years of MMORPG Hacking: Better Graphics, Same Exploits
Manfred (@_EBFE)
-
Track Four
A Picture is Worth a Thousand Words, Literally: Deep Neural Networks for Social Stego
Philip Tully & Michael T. Raggo
14:00
-
101 Track
Omar Eissa
-
Track Two
Trojan-tolerant Hardware & Supply Chain Security in Practice
Vasilios Mavroudis & Dan Cvrcek
-
Track Three
Linux-Stack Based V2X Framework: All You Need to Hack Connected Vehicles
p3n3troot0r (Duncan Woodbury) & ginsback (Nicholas Haltmeyer)
-
Track Four
XenoScan: Scanning Memory Like a Boss
Nick Cano
15:00
-
101 Track
MS Just Gave the Blue Team Tactical Nukes (And How Red Teams Need To Adapt)
Chris Thompson
-
Track Two
Jason Hernandez, Sam Richards, & Jerod MacDonald-Evoy
-
Track Three
trixr4skids
-
Track Four
Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
Professor Plum
16:00
-
101 Track
Dealing the Perfect Hand - Shuffling Memory Blocks On z/OS
Ayoul3
-
Track Two
Inbar Raz & Eden Shochat
-
Track Three
CableTap: Wirelessly Tapping Your Home Network
Marc Newlin, Logan Lamb, & Chris Grayson
-
Track Four
Game of Drones: Putting the Emerging “Drone Defense” Market to the Test
Francis Brown & David Latimer
17:00
-
101 Track
Here to stay: Gaining persistency by Abusing Advanced Authentication Mechanisms
Marina Simakov & Igal Gofman
-
Track Two
Morten Schenk
-
Track Three
Introducing HUNT: Data Driven Web Hacking & Manual Testing
Jason Haddix
-
Track Four
Plore
Sunday
10:00
-
101 Track
Unboxing Android: Everything You Wanted To Know About Android Packers
Avi Bashan & Slava Makkaveev
-
Track Two
I Know What You Are by the Smell of Your Wifi
Denton Gentry
-
Track Three
Breaking Bitcoin Hardware Wallets
Josh Datko & Chris Quartier
-
Track Four
Untrustworthy Hardware and How to Fix It
0ctane
10:30
-
101 Track
Unboxing Android: Everything You Wanted To Know About Android Packers (cont.)
Avi Bashan & Slava Makkaveev
-
Track Two
Redezem
-
Track Three
Dor Azouri
-
Track Four
Ghost in the Droid: Possessing Android Applications with ParaSpectre
chaosdata
11:00
-
101 Track
Total Recall: Implanting Passwords in Cognitive Memory
Tess Schrodinger
-
Track Two
Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years
Gus Fritschie & Evan Teitelman
-
Track Three
Exploiting Continuous Integration (CI) and Automated Build systems
spaceB0x
-
Track Four
Ghost Telephonist’ Impersonates You Through LTE CSFB
Yuwei Zheng & Lin Huang
12:00
-
101 Track
The Black Art of Wireless Post Exploitation
Gabriel “solstice” Ryan
-
Track Two
Are all BSDs are created equally? A survey of BSD kernel vulnerabilities.
Ilja van Sprundel
-
Track Three
The Call Is Coming From Inside the House! Are You Ready for the Next Evolution in DDoS Attacks?
Steinthor Bjarnason & Jason Jones
-
Track Four
John Sotos
13:00
-
101 Track
Game of Chromes: Owning the Web with Zombie Chrome Extensions
Tomer Cohen
-
Track Two
Bypassing Android Password Manager Apps Without Root
Stephan Huber & Siegfried Rasthofer
-
Track Three
Malicious CDNs: Identifying Zbot Domains en Masse via SSL Certificates and Bipartite Graphs
Thomas Mathew & Dhia Mahjoub
-
Track Four
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
Daniel Bohannon (DBO) & Lee Holmes
14:00
-
101 Track
Call the Plumber - You Have a Leak in Your (Named) Pipe
Gil Cohen
-
Track Two
Weaponizing Machine Learning: Humanity Was Overrated Anyway
Dan “AltF4” Petro & Ben Morris
-
Track Three
Haoqi Shan & Jian Yuan
-
Track Four
Friday the 13th: JSON attacks!
Alvaro Muñoz & Oleksandr Mirosh
15:00
-
101 Track
Bridging the Gap between DC and DEF CON: Fireside Chat with Congressmen James Langevin and Will Hurd
Rep. James Langevin, Rep. Will Hurd, & Joshua Corman
-
Track Two
Zardus (Yan Shoshitaishvili)
-
Track Three
-
Track Four